Yesterday Google+ announced in a blog post that a security flaw in the application program interface of the already troubled social network, has exposed the details of more than 50 million Google users. The statement released by Google confirms that consumers are not the only ones affected by the flaw, the details of enterprise customers might have been exposed too. Even though that this only reflects approximately 5% of the total Google+ users, it is confirmed that last month the details of millions of US citizens have been exposed for almost a whole week.
The exposed information included personal details such as names, email addresses, occupation, usernames, display names, gender, relationship status, and date of birth. Similar to Facebook’s Cambridge Analytica scandal, other apps with access to a user’s profile data ended up being able to read the profile data that had been shared with the consenting user by another social network user. According to Google spokespeople, the bug did not leak sensitive information such as banking details, SSN, passwords, drivers licenses, and passport information and currently there is no evidence of criminal misuse of the data. Google is notifying the affected parties.
As we previously reported, Google+ was a victim of another cyber incident back in March. The exploit was considered as one of the many reasons Google decided to shut down its social network for consumer usage. The social media network was supposed to close doors at some point in August 2019 and remain active as an enterprise solution. However, Google’s inability to maintain the system secure and compliant has shortened the remaining life of the Facebook rival – the Google Plus for consumers will officially shut down within the next 90 days.
Google engineers found the bug as a part of a standard and ongoing testing procedures. Google claims that they fixed the issue within a week of discovering it. However, their investigation will continue as there might be a potential impact on other Google APIs. Even though Google has not reported any problems with the rest of their G-Suite services, the security flaw was announced by David Thacker, a VP Product Management of Google’s G Suite. Time will show if there are additional possible issues with other Google services such as Gmail, Docs, Drive, Calendar, etc.
Even though that this year has been a rough one for Google, the tech conglomerate has confirmed that Google+ for enterprises will continue to be supported and they will continue to invest in this side of the business.
What can you do to protect yourself?
Apart of hoping that the developers who had access to your details decided not to auction your personal information to the highest bidder on the dark web, now is the time to install anti-virus software and say goodbye to the hibernating social network by deleting your Google Plus profile. To remove your account, go to your Gmail account and click on your profile picture in the upper right-hand corner. Then click on ‘Google+ Profile,’ and then drag the cursor to your left and click on ‘Settings,’ and then hit that ‘Delete your Google+ profile’ button. There is no shame in abandoning a sinking ship.
The post Google Plus bug exposed personal details of 52.5 million people appeared first on Panda Security Mediacenter.